Login Sign Up

CVE-2022-49685

7.8 HIGH

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's IIO (Industrial I/O) subsystem sysfs trigger. It allows attackers with local access to potentially execute arbitrary code or cause denial of service by triggering the vulnerability before cleanup operations complete. Systems running vulnerable Linux kernel versions with IIO subsystem enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if CONFIG_IIO_SYSFS_TRIGGER is enabled and sysfs trigger interface is accessible.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to kernel-level code execution, potentially leading to full system compromise.

🟠

Likely Case

Kernel panic or system crash causing denial of service.

🟢

If Mitigated

Limited impact if proper access controls prevent local attackers from accessing sysfs triggers.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger sysfs operations. Race condition exploitation adds complexity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits (e.g., 31ff3309b47d, 4687c3f95524, etc.)

Vendor Advisory: https://git.kernel.org/stable/c/31ff3309b47d98313c61b8301bf595820cc3cc33

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable IIO sysfs trigger

Linux

Disable the vulnerable IIO sysfs trigger module if not needed

echo 'blacklist iio_sysfs_trigger' >> /etc/modprobe.d/blacklist.conf
rmmod iio_sysfs_trigger

🧯 If You Can't Patch

  • Restrict local user access to sysfs trigger interface
  • Implement strict access controls and monitoring for suspicious local activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if iio_sysfs_trigger module is loaded: 'lsmod | grep iio_sysfs_trigger'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched and module is either not loaded or updated version

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN use-after-free reports in dmesg
  • System crashes related to IIO subsystem

Network Indicators:

  • None - local exploit only

SIEM Query:

Search for kernel panic events or suspicious local user activity with sysfs access

📊 Metadata

CVE ID: CVE-2022-49685
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
EPSS Score: 0.04% exploit probability (10.3th percentile)
Published: February 26, 2025
Last Updated: March 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49685, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)